Prime Minister Malcolm Turnbull said Friday that encryption is posing major challenges to law enforcement in investigations dealing with terrorism, drug trafficking and child exploitation. The planned legislation would ensure that internet companies are obliged to assist, he said.

"We need to ensure that the internet is not used as a dark place for bad people to hide their criminal activities from the law," Turnbull says, according to a video from broadcaster ABC. "The Australian Federal Police must have the powers, as do all our other intelligence and law enforcement agencies, to enforce the law online as well as offline."

Australia has been pushing its view internationally on how encryption is complicating law enforcement, most recently at the G20 meeting in Hamburg and last month at an intelligence summit with the U.S., U.K., New Zealand and Canada.

The U.S. and U.K. have also expressed worries over encrypted communication. The European Union, however, is moving in the other direction. It's considering amending a privacy directive to mandate end-to-end encryption and prohibit "backdoors," or mechanisms that subvert security (see Crypto in Europe: Battle Lines Drawn).

End-to-End Encryption

Technology companies, particularly those with messaging applications, have moved over the past few years to strengthen privacy protections. One catalyst was the top secret leaks in 2013 from former U.S. National Security Administration contractor Edward Snowden, which showed signals intelligence dragnets run by the U.S. and U.K. governments. Other motivations include increasing cybercrime and nation-state hacking.

A host of messaging products employ end-to-end encryption, including Facebook's WhatsApp, Telegram, Signal and Wickr. Encryption and decryption keys are stored on end-user devices rather than on a central server. In that configuration, providers simply don't have the capability to decrypt content.

But those providers often can provide metadata around communications between parties, such as the duration or timing of messages or calls, which is useful to law enforcement.

Technology companies remain opposed to modifying their products with backdoors. Inserting backdoors into software is considered dangerous because there's no guarantee the method would remain secret. The same encryption technology alleged to be used by terrorists also protects, for example, the intellectual property of companies.

In a statement, Facebook's Australian office said it understands why law enforcement needs to carry out investigations and has a protocol for responding to requests for data "where we can."

"At the same time, weakening encrypted systems for them [law enforcement] would mean weakening it for everyone," Facebook says.

Google's Australia office didn't directly address encryption. "We have always supported the work of law enforcement and intelligence agencies by promptly providing data in response to valid legal process and emergency disclosure requests," according to a spokesman.

Slim Detail on Legislation

While making his case, Turnbull took a surprising swipe at U.S. technology companies.

"There is a culture, particularly in the United States, a very libertarian culture which is quite anti-government in the tech sector," Turnbull says. "Now the reality is, however, that these encrypted messaging applications, voice applications are being used obviously by all of us, but they're also being used by people who seek to do us harm."

The details of how Australia will compel technology companies to provide access to encrypted communications remain to be seen. As in other public statements, the government's ideas are ambiguous and occasionally not entirely technically accurate.

Turnbull said that access would not be granted through "backdoors or other untoward means."

When asked to define a backdoor, Turnbull said: "Do you want me to tell you what a backdoor is? A backdoor is typically a flaw in a software program that perhaps the, you know, the developer of the software program is not aware of and that somebody who knows about it can exploit."

What Turnbull actually described is a software vulnerability. His comment, along with others made by government officials in the past, has often made the encryption debate in Australia more confusing because of imprecise or vague language.

Government agencies often use software vulnerabilities for intelligence operations. The FBI used a software vulnerability to gain access to the iPhone of one of the San Bernardino shooters after it abandoned a legal fight to force Apple to create software that would unlock the phone (see Could FBI Have Cracked Shooter's iPhone for Less Than $100?).

About the Author

Jeremy Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.
